CVE-2009-4636 - OpenCVE

FFmpeg 0.5 allows remote attackers to cause a denial of service (hang) via a crafted file that triggers an infinite loop.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ffmpeg	Ffmpeg

Configuration 1 [-]

cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html
http://secunia.com/advisories/36805
http://secunia.com/advisories/38643
http://www.debian.org/security/2010/dsa-2000
http://www.mandriva.com/security/advisories?name=MDVSA-2011:061
http://www.mandriva.com/security/advisories?name=MDVSA-2011:062
http://www.mandriva.com/security/advisories?name=MDVSA-2011:088
http://www.mandriva.com/security/advisories?name=MDVSA-2011:089
http://www.mandriva.com/security/advisories?name=MDVSA-2011:112
http://www.mandriva.com/security/advisories?name=MDVSA-2011:114
http://www.securityfocus.com/bid/36465
http://www.vupen.com/english/advisories/2011/1241
https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-02-10T02:00:00

Updated: 2024-08-07T07:08:38.390Z

Reserved: 2010-02-09T00:00:00

Link: CVE-2009-4636

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-02-10T02:30:00.657

Modified: 2011-10-26T02:44:05.247

Link: CVE-2009-4636

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-09-22T00:00:00", "descriptions": [{"lang": "en", "value": "FFmpeg 0.5 allows remote attackers to cause a denial of service (hang) via a crafted file that triggers an infinite loop."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-04-30T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "MDVSA-2011:088", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:088"}, {"name": "36805", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36805"}, {"name": "36465", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/36465"}, {"tags": ["x_refsource_MISC"], "url": "https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240"}, {"name": "MDVSA-2011:061", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061"}, {"name": "MDVSA-2011:062", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:062"}, {"name": "MDVSA-2011:112", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:112"}, {"name": "MDVSA-2011:114", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:114"}, {"tags": ["x_refsource_MISC"], "url": "http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html"}, {"name": "MDVSA-2011:089", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:089"}, {"name": "38643", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38643"}, {"name": "ADV-2011-1241", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/1241"}, {"name": "DSA-2000", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2010/dsa-2000"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4636", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "FFmpeg 0.5 allows remote attackers to cause a denial of service (hang) via a crafted file that triggers an infinite loop."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "MDVSA-2011:088", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:088"}, {"name": "36805", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36805"}, {"name": "36465", "refsource": "BID", "url": "http://www.securityfocus.com/bid/36465"}, {"name": "https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240", "refsource": "MISC", "url": "https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240"}, {"name": "MDVSA-2011:061", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061"}, {"name": "MDVSA-2011:062", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:062"}, {"name": "MDVSA-2011:112", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:112"}, {"name": "MDVSA-2011:114", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:114"}, {"name": "http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html", "refsource": "MISC", "url": "http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html"}, {"name": "MDVSA-2011:089", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:089"}, {"name": "38643", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38643"}, {"name": "ADV-2011-1241", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/1241"}, {"name": "DSA-2000", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2010/dsa-2000"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T07:08:38.390Z"}, "title": "CVE Program Container", "references": [{"name": "MDVSA-2011:088", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:088"}, {"name": "36805", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/36805"}, {"name": "36465", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/36465"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240"}, {"name": "MDVSA-2011:061", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061"}, {"name": "MDVSA-2011:062", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:062"}, {"name": "MDVSA-2011:112", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:112"}, {"name": "MDVSA-2011:114", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:114"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html"}, {"name": "MDVSA-2011:089", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:089"}, {"name": "38643", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/38643"}, {"name": "ADV-2011-1241", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/1241"}, {"name": "DSA-2000", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2010/dsa-2000"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4636", "datePublished": "2010-02-10T02:00:00", "dateReserved": "2010-02-09T00:00:00", "dateUpdated": "2024-08-07T07:08:38.390Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "8D486C17-FC4A-4AEE-A430-1B1FBCC2C27C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "FFmpeg 0.5 allows remote attackers to cause a denial of service (hang) via a crafted file that triggers an infinite loop."}, {"lang": "es", "value": "FFmpeg v0.5 permite a atacantes remotos producir una denegaci\u00f3n de servicio (colgado) a trav\u00e9s de un fichero manipulado que inicia un bucle infinito."}], "id": "CVE-2009-4636", "lastModified": "2011-10-26T02:44:05.247", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-02-10T02:30:00.657", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/36805"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/38643"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2010/dsa-2000"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:062"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:088"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:089"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:112"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:114"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/36465"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2011/1241"}, {"source": "cve@mitre.org", "url": "https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}